package com.swsc.xapp.offline.lhttpd;

import androidx.annotation.NonNull;

import com.yanzhenjie.andserver.annotation.Interceptor;
import com.yanzhenjie.andserver.framework.HandlerInterceptor;
import com.yanzhenjie.andserver.framework.handler.RequestHandler;
import com.yanzhenjie.andserver.http.HttpRequest;
import com.yanzhenjie.andserver.http.HttpResponse;

@Interceptor
public class CorsInterceptor implements HandlerInterceptor {
    @Override
    public boolean onIntercept(@NonNull @org.jetbrains.annotations.NotNull HttpRequest request,
                               @NonNull @org.jetbrains.annotations.NotNull HttpResponse response,
                               @NonNull @org.jetbrains.annotations.NotNull RequestHandler handler) throws Exception {
        response.addHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
        response.setHeader("Access-Control-Max-Age", "3600");
        // 此处不用 Access-Control-Allow-Headers, *: 移动端部分手机webview会检查Header, 须明确指出
        response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, " +
                "Accept-Encoding, Accept-Language, Connection, DNT, Host, Referer, User-Agent, Cookie, X-Token, x-token, " +
                "token, Authorization, platform, Content-Length, X-CSRF-Token, Token, session, X-CustomHeader, If-Modified-Since," +
                " Cache-Control, Pragma, x-auth-token, Sec-WebSocket-Accept, Sec-WebSocket-Key, Sec-WebSocket-Version");

        return false;
    }
}
